Republican Data Firm Leaks Personal Info on 198 Million Voters

The lifeblood of modern political campaigns is big data analysis. This helps candidates target their efforts where it will do the most good to get more votes and donations. That means there are databases out there with information on virtually all the eligible voters in the US. One such database was left wide open by a Republican marketing company. Cyber security firm UpGuard uncovered the database last week, confirming that it includes personal data on nearly 200 million US voters. That’s almost everyone.

The data comes from Deep Root Analytics, a conservative data processor and aggregator that was contracted by the Republican National Committee to help with voter targeting. The company was paid nearly $ 1 million by the RNC last year. The database clocked in at more than a terabyte, and was stored on an unsecured Amazon server. UpGuard didn’t even need a password to access the files. It has not made the actual files available for download, but it has a full analysis of the leak.

Much of the data contained within the archive was pulled in from multiple sources within the Republican party. There’s voter research from super PACs, surveys, and even data scraped from Reddit posts. The end result is a spreadsheet with all your likes and dislikes on it. UpGuard found a folder containing comma separated value files (CSV) with anonymized 32-character voter IDs, each one with a corresponding list of likely feelings on issues like gun control and abortion. That might not be so bad–except for the presence of a “Contact File,” which turns each of those 198 million IDs into real names, addresses, and birthdates.

While most of the files contain data to target voters in the lead up to the 2016 election, some are aimed at gauging voter sentiment around Trump’s policies as the inauguration approached. Each voter as given a score (above) indicating how strongly they agree with concepts like stopping illegal immigration and repealing the ACA.

UpGuard notes that this is probably not the only database of its kind, and probably not even the only one with lax security. Still, the idea that something with data on most US adults floating around is concerning—UpGuard was probably not the first to grab these files. Anyone who has run a server knows how often nefarious connections will come poking around. If your political leanings were not a matter of public record before, they probably are now.